site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com On Feb 19, 2007, at 09:31 , Axel Rau wrote: Hi, Client is Darwin 8.8 / Mac OS X 10.4.8. Questions: Is this a known problem? Should I provide more data? Should I file a kernel bug? Justin -- Justin C. Walker, Curmudgeon-At-Large Institute for the Enhancement of the Director's Income -------- When LuteFisk is outlawed, Only outlaws will have LuteFisk -------- _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... while trying to analyze a problem with hanging Mail.app, which talks to an IMAP server through an OpenBSD firewall, I got some interesting diagnose from Daniel Hartmeier (daniel@benzedrine.cx) from the OpenBSD project: I quote from his posting in the OpenBSD pf list: http://marc.theaimsgroup.com/?l=openbsd-pf&m=117176062511692&w=2 and sends a RST. But the sequence number (th_seq) used in the RST is not valid. It should be 2634574290 (past the last segment the client sent), not 2634574252 (past the second-to-last segment, not including the payload in the FIN+PSH). This looks like a bug in the client's TCP/IP stack, and how to fix it depends on the client's OS. IMO, the RST is invalid, and pf is right in blocking it. This is perhaps a corner case in the protocol spec. I'm not sure I buy the conclusion above, but it would be good to hear from the experts. As I read 793, the reset is generated with the current state of the window as the sequence number. From your trace, it looks like the sender (.106) sent data and then immediately reset the connection. The last ack from the receiver (.20) was ...252, so using ...252 seems right to me (the sender can't assume that the ...290 segment was/will be received). Judging from the following resets, the stack will use the last-acked sequence number. I'd file a bug report, but I'm not convinced the behavior you see is incorrect (from the standard). This email sent to site_archiver@lists.apple.com